Retaliatory Hacking: Risky Business or Legitimate Corporate Security?
Presenter: Sean L. Harrington
- Cybersecurity Partnership Manager and information security risk assessor in the banking industry;
- Digital forensics examiner in private practice;
- Graduate with honors from Taft Law School, and holds the MCSE, CISSP, CHFI, CCFP, and CSOXP certifications;
- Has served on the board of the Minnesota Chapter of the High Technology Crime Investigation Association;
- Current member of InfraGard, FS-ISAC, the Financial Services Roundtable's legislative and regulatory working groups, Chamber of Commerce Cyber Working Group, among others;
- Teaches digital forensics for Century College in Minnesota;
- An instructor for the new CCFP certification.

Not Legal Advice
This presentation is based upon a scholarly work, and is intended to promote discussion and innovation. This presentation is not intended to convey legal advice. Readers should not act or refrain from acting based upon the presenter's oral or written statements.

Resources
- The CIP Report, George Mason University Center for Infrastructure Protection and Homeland Security, Volume 12, No. 4 (Oct., 2013) Services.pdf, pp
- Cyber Security Active Defense: Playing with Fire or Sound Risk Management? 20 RICH. J.L. & TECH. 1 (2014) (draft copy available at

Preview
1. Key terms & concepts
2. Key statutes
3. Active Defense Approaches & associated legal, regulatory, ethical, and practical considerations
4. Theories rationalizing active defense
5. Promising alternatives

TRIVIA
When was the last time any substantive cyber security federal legislation was passed, and what was it?

TRIVIA
The Computer Fraud and Abuse Act (CFAA) and Electronic Communications Privacy Act (ECPA) make reference to the Internet how many times?

Who cares?
- Lawyers
- Plaintiff & Defense
- In-house & outside counsel
- Compliance Attorneys
- CISO/ISO
- Boards and Organizational Leadership
- Information Security Professionals

- Active Defense
- Hack Back
- Offensive Counter Measures ("OCM")
- Retaliatory Hacking
- Protecting and defending electronic information

Federal Statutory Prohibitions
- Computer Fraud and Abuse Act of 1986
  - Provides both civil and criminal penalties for violation
- Electronic Communications and Privacy Act of 1986
  - Provides both civil and criminal penalties for violation
  - Title I: Wiretap Act
  - Title II: Stored Communications Act
  - Title III: pen register and trap and trace devices
- 18 U.S.C. 2252; 18 U.S.C. 2252A*
- Many states have counterpart statutes, some of which contain more specific language and are less antiquated.

CFAA
- Directed at criminal computer hacking
- Prohibits computer intrusions: accessing computers "without authorization," or "exceed[ing] authorize[d] access," which statutory phrases have been the continuing subject of appellate review.
- Private parties who can show damage or loss in excess of $5,000, which can include the cost of hiring a forensic examiner plus his or her assessment of the damage caused to the victim's computer or business, can sue.
- The Government can pursue felony charges if damages are in excess of $5,000
- House Judiciary Committee considering augmenting the Act: all offenses would be felonies

ECPA Title I
- Update of the original wiretap law of 1968
- Prohibits interception, disclosure, or use of wire, oral, and electronic communications in transit
  - must be contemporaneous with transmission
  - examples: , text/video messaging, keystrokes (some courts)
- Prohibits public Internet carriers from disclosing content of in-transit

Privacy
- CA and MN
- Data handling
- Data Breach Notification
- PCI DSS
- Gramm-Leach-Bliley Act: requires financial institutions to protect information collected about individuals, and prohibits disclosure of their customers' account numbers

ECPA Title II (Stored Communications Act)
- Applies to ISPs. Inapplicable to private companies' internal systems.
- Restricts Government access to customer and subscriber information and records
- Providers may disclose protected information if:
  - Consent is given by the sender, an addressee, or the recipient
  - Content was inadvertently obtained and appears to contain evidence of the commission of a crime

Ethics
- Codes of Conduct describe the expected behavior of members of an association or practitioners of a profession, and generally seek to protect the organization or profession from the consequences of bad behavior of its members.
- ABA Model Rules 1.2, 5.3, 8.4(c)
- (ISC)² Code of Ethics Preamble*
- (ISC)² Code of Ethics Canons**
- Model Rules

Active Defense Approaches
- Approaches
  - Beaconing
  - Threat Intelligence Gathering
  - Sinkholing
  - Honeypots
  - Retaliatory Hacking
- Risks
  - Legal
  - Ethical
  - Escalation
  - Misattribution and collateral damage
  - Goodwill & reputation

Active Defense Hack Back
Theories advanced for justified retaliatory hacking:
- Recapture of chattels
- Private necessity
- Castle doctrine
- Private security guard doctrine

Promising Alternatives to Hack Back
- Preventive: Private companies' collaboration with ISPs and industry partnerships to combat; Intelligence sharing and gathering (ISACs); Harden the perimeter
- Detective: tools; know your network traffic;
- Corrective: collaboration with government and other private corporations (e.g., takedowns of Citadel, Zeus)
- Corrective: cyber legislation
- Risk transfer: outsourcing, cyber insurance

Common Sense Thoughts
- Develop and enforce sound initial security hardening practices
- Develop and enforce incident handling policies and procedures consistent with company position
- Develop, implement, and participate in collaborative task forces among governmental and private companies with similar problems
- Caution and prudence before attempting to respond to a hack with affirmative defense approaches

Questions? Comments?

Thank You!
Sean L. Harrington